2298b7200dbc456fa2c49c8ef6309d7c42d2ed0365163cb33a0b87494ab58c4f

Sharing

Copy URL Twitter E-mail

General

Target

2298b7200dbc456fa2c49c8ef6309d7c42d2ed0365163cb33a0b87494ab58c4f
Size

188KB
MD5

be7ad4885858a016e1ce0b6d34e6fa15
SHA1

5608fcf8f8df535b31c0ed0708f8130472bcd9b9
SHA256

2298b7200dbc456fa2c49c8ef6309d7c42d2ed0365163cb33a0b87494ab58c4f
SHA512

d28478744accf2da914ac5539b7039548d0a8512be0cf84b008da85799ce25a5deff2e4aed25c3fd9e4fcfa6c5b6586d63dc0b905af08069006d4772dc191010
SSDEEP

3072:w6jS9h0gJTGjyP3L+eogJBIPypgxVZhatt5jHt:9+IBjUtsbPZhOP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2298b7200dbc456fa2c49c8ef6309d7c42d2ed0365163cb33a0b87494ab58c4f

Files

2298b7200dbc456fa2c49c8ef6309d7c42d2ed0365163cb33a0b87494ab58c4f
.dll windows:4 windows x86 arch:x86

ce1931e898381eacb4aa6c3d9469b0a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\source\vce\bin\release\win32\files\SbCeDriverCom.pdb

Imports

fltlib

FilterGetDosName
FilterReplyMessage
FilterGetMessage
FilterSendMessage
FilterConnectCommunicationPort

advapi32

InitializeSecurityDescriptor
ConvertSidToStringSidW
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorDacl

oleaut32

GetErrorInfo
SysFreeString
SysAllocString
SysAllocStringByteLen

shlwapi

PathIsRootW

ole32

CoUninitialize
OleRun
CoInitialize
CoCreateInstance

kernel32

GetConsoleCP
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetConsoleMode
GetStringTypeA
InitializeCriticalSection
GetLocaleInfoA
WriteConsoleW
CreateFileA
FlushFileBuffers
LoadLibraryA
GetStringTypeW
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
LCMapStringA
HeapSize
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
LocalFree
SetEndOfFile
WriteFile
ReadFile
CloseHandle
GetFileSizeEx
GetLastError
CreateFileW
DeleteFileW
GetOverlappedResult
QueryDosDeviceW
GetLogicalDriveStringsW
WaitForMultipleObjects
WaitForSingleObject
GlobalFindAtomW
FreeLibrary
GetProcAddress
LoadLibraryW
GetTickCount
GetCurrentProcessId
GetLocalTime
GetTempPathW
ReleaseMutex
SetLastError
GetCurrentThreadId
GetModuleFileNameW
FormatMessageW
OpenProcess
GetCurrentProcess
GetVersionExA
WideCharToMultiByte
MultiByteToWideChar
CreateEventW
SetEvent
ResetEvent
CreateMutexW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
HeapFree
GetProcessHeap
GetFileSize
SetFilePointer
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitThread
CreateThread
GetCommandLineA
HeapAlloc
HeapReAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameA
ExitProcess
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce1931e898381eacb4aa6c3d9469b0a5

Headers

File Characteristics

PDB Paths

Imports

fltlib

advapi32

oleaut32

shlwapi

ole32

kernel32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 13KB